Can you post the login page or the part of code you set $_SESSION['username'] ?
Are you sure there is no anywhere "session_destroy()"?
BTW, if you use $_SESSION['pw'] for storing password, then, this is very DANGEROUS practice!